如何解决Zookeeper中的SASL身份验证异常
自从我们迁移到zookeeper 3.5.7并启用了SASL身份验证以来,在生产者的Zookeeper登录中看到以下错误。
无法使用SASL进行身份验证 javax.security.sasl.SaslException。
堆栈跟踪如下:
2020-07-08 00:37:10,576 - ERROR [LearnerCnxAcceptor-pr3-alloyp-lapp302.prz.apple.com/10.57.16.137:xxxx:SaslQuorumAuthServer@132] - Failed to authenticate using SASL
javax.security.sasl.SaslException: Learner not trying to authenticate and authentication is required
at org.apache.zookeeper.server.quorum.auth.SaslQuorumAuthServer.authenticate(SaslQuorumAuthServer.java:82)
at org.apache.zookeeper.server.quorum.LearnerHandler.<init>(LearnerHandler.java:198)
at org.apache.zookeeper.server.quorum.leader$LearnerCnxAcceptor.run(leader.java:403).
我看着动物园管理员jaas conf,似乎什么也没脱颖而出。
QuorumServer {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_admin="xxxx";
};
QuorumLearner {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="admin"
password="xxxx";
};
Server {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_test="xxxx";
};
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="test"
password="xxxx";
};
然后,我查看了zoo.cfg并将其与open source documentation进行了比较,但没有配置问题,我可以缩小范围。
dataDir=/zookeeper-3.5.7/data_snapshots
dataLogDir=/zookeeper-3.5.7/data_transac_log
# the port at which the clients will connect
clientPort=xxxx
# disable the per-ip limit on the number of connections since this is a non-production config
maxClientCnxns=0
tickTime=6000
initLimit=30
synclimit=12
#set hex value for 4GB i.e. 100000000.
jute.maxbuffer=100000000
autopurge.snapRetainCount=3
autopurge.purgeInterval=1
cnxTimeout=15
server.1=pr3-alloyp-lapp301.prz.apple.com:aaaa:bbbb
server.2=pr3-alloyp-lapp302.prz.apple.com:aaaa:bbbb
server.3=pr3-alloyp-lapp303.prz.apple.com:aaaa:bbbb
quorum.auth.enableSasl=true
quorum.auth.learnerRequireSasl=true
quorum.auth.serverRequireSasl=true
quorum.auth.learner.loginContext=QuorumLearner
quorum.auth.server.loginContext=QuorumServer
quorum.cnxn.threads.size=20
requireClientAuthScheme=sasl
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
authProvider.2=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
authProvider.3=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
很高兴获得解决此问题的建议。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
